Security scan
OpenClaw
Suspicious
medium confidence
The skill's stated purpose (ClickUp via MCP) is plausible, but the runtime instructions ask you to extract and store long‑lived tokens from another client's credentials file and the SKILL.md declares requirements that are not reflected in the registry metadata — these inconsistencies and the token-extraction instruction are concerning.
Assessment recommendations
Before installing or using this skill: (1) Verify the skill's source and trustworthiness — the registry metadata mismatches the SKILL.md. (2) Do NOT extract tokens from other applications' credential stores unless you fully control and trust that environment; extracting from ~/.claude/.credentials.json exposes another client's secrets and is a red flag. (3) If you must use this connector, create a ClickUp OAuth token specifically for this integration (with the minimal scopes needed), store it se...
ℹ Purpose and capabilities
The skill's capabilities (search, tasks, comments, time tracking, docs) align with what a ClickUp MCP integration would need. However, the SKILL.md metadata declares a required binary (mcporter) and env var (CLICKUP_TOKEN) while the registry fields show no required bins or env — this metadata mismatch is an incoherence that should be clarified.
⚠ Instruction scope
The instructions explicitly tell the operator to read ~/.claude/.credentials.json and extract a ClickUp access token using jq, then place that token into ~/.clawdbot/.env and into a local config (config/mcporter.json). Asking the agent (or user) to read another client's credential file and extract tokens is scope creep and a privacy/credential exposure risk; it goes beyond simply telling you how to call the ClickUp MCP API.
ℹ Install mechanism
This is instruction-only (no install spec), which is lower risk than arbitrary downloads. That said, the skill depends on an external tool (mcporter) but provides no install guidance or provenance for that tool — the lack of an install spec plus reliance on mcporter is an operational gap the registry should document.
⚠ Credential requirements
Functionally it makes sense that a ClickUp integration needs a ClickUp token, but the SKILL.md requests a long‑lived token (stated ~10 years) and instructs extracting it from another application's credentials file. The registry does not declare CLICKUP_TOKEN as a required credential, increasing the inconsistency. Asking for tokens with such longevity and telling users to harvest them from other clients is disproportionate and risky.
ℹ Persistence and privileges
The skill does not force permanent inclusion (always: false) and does not request elevated platform privileges. However, it instructs writing the token into ~/.clawdbot/.env and editing config/mcporter.json — modifying local config is expected for a connector, but combined with the token-extraction workflow it increases persistence of a sensitive credential and expands blast radius if the token is compromised.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.0.0 2026/1/6
Initial release - Official ClickUp MCP with OAuth workaround via Claude Code
● Benign
Install command
Official: npx clawhub@latest install clickup-mcp
Mirror: npx clawhub@latest install clickup-mcp --registry https://cn.longxiaskill.com